Trust and security

Witty attaches great importance to the privacy and security of its users.

In this spirit, the trust of our users is more important to us than data collection. However, in order to provide our users with insights and to continuously improve Witty, we do need to collect some data.

On this page, we give an overview of data storage, data collection, and data analytics and dissemination.

Data storage

Platform.sh

Platform.sh is used to store the configuration of each organization. For example, we store whether grammar & spelling issues should be highlighted, or whether inclusive terms should be shown. For more details, have a look at the trust center of Platform.sh.

Platform.sh uses the following infrastructure-as-a-service (IaaS) providers:

  • AWS: Amazon Web Services (AWS) is the world's most comprehensive and broadly adopted cloud platform, introduced by Amazon in 2006.
  • Azure: Azure is a cloud platform introduced by Microsoft in 2010.
  • GCP: Google Cloud Platform (GCP) is a cloud platform introduced by Google.

For more details, have a look at the IaaS resources of Platform.sh.

 

Azure AD B2C

Azure Active Directory B2C (Azure AD B2C) is an identity management service that enables customers to register and log in to Witty. The login is needed to store the customization and the settings of each user, e.g. for which webpage Witty should be disabled.

This service is hosted in the EU. For more details, have a look at Microsoft's documentation of this service.

 

Stripe

Stripe is our payment gateway. Witty Works never sees any credit card information.

For more details, have a look at the security information from Stripe.

 

PostHog

PostHog is an open-source product analytics platform. We use PostHog to provide you with statistics about your use of Witty, such as how many terms you or your team have replaced in the last month or what the most commonly used deterrent terms in your organization are.

We made the conscious decision to move sending data to PostHog from the API to the browser extension. For increased transparency, users can therefore inspect what data we are storing.

For more details, have a look at the privacy compliance of PostHog.

 

HubSpot CRM

HubSpot is a Customer Relationship Management (CRM) tool. We use HubSpot to track users on Witty's website and on Witty's dashboard, but not when using Witty. We use their EU data center.

For more details, have a look at HubSpot's security page.

 

Sentry

Sentry is a crash reporting platform. It notifies us of exceptions or errors that users run into while using Witty. Sentry is hosted in the US. 
 
For more details, have a look at Sentry's security page.
 
 
 

Google Analytics

Google Analytics is a web analytics service that provides statistics and basic analytical tools for search engine optimization and marketing purposes. We use Google Analytics to track users anonymously on Witty's website and on Witty's dashboard, but not when using Witty. For example, we track which content users click on to help us improve the user experience.

For more details, read how Google safeguards your data.

Note: We are looking to reduce our use of Google Analytics and plan to self-host PostHog and Sentry within the EU.

Data collection

We collect data for two purposes: to improve product content and product quality.

As a key first step for any data we collect, we always filter the data to remove URLs, emails and numbers to reduce the chance of any personally identifiable information being collected.

 

Improve the product content

We collect data about user interaction. For example, we collect how often a user opens the popup, which alternatives a user accepts or which categories are used most. This helps us understand which parts of Witty generate the most value for users and which parts require work or maybe even need to be removed.

Furthermore, we collect a few words before and after the highlighted term (100 characters) when a user accepts an alternative or chooses to ignore a highlighted term. This allows us to learn in what context a term should or should not be highlighted. Paid users can choose to disable context collection, for example if there are legal requirements.
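The filtering step and the context window described above, sketched as an added example (not Witty's own code): the regular expressions, placeholder tokens, function names and the reading of the 100-character limit as a per-side limit are assumptions. The text is scrubbed before it is cut to the window, so a URL or email address split by the cut cannot slip through.

```javascript
// Added example, not Witty's code. Patterns, tokens and names are assumptions.
const CONTEXT_CHARS = 100; // limit from the page, applied per side (assumption)

// Order matters: URLs first, then email addresses, then digit runs.
const SCRUBBERS = [
  [/\b(?:https?:\/\/|www\.)[^\s<>"']+/gi, "[url]"],
  [/[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}/gi, "[email]"],
  // Digit runs, including separators used in phone numbers and dates.
  [/\d(?:[\d\s.,\/()-]*\d)?/g, "[number]"],
];

function scrub(text) {
  return SCRUBBERS.reduce((out, [re, token]) => out.replace(re, token), text);
}

// start/end are the offsets of the highlighted term inside text.
function buildContextEvent(text, start, end, { collectContext = true } = {}) {
  const event = { term: text.slice(start, end) };
  if (!collectContext) return event; // context collection disabled
  // Scrub the full text on each side first, then cut the window. Cutting first
  // could leave half a URL or address that no pattern recognizes any more.
  event.before = scrub(text.slice(0, start)).slice(-CONTEXT_CHARS);
  event.after = scrub(text.slice(end)).slice(0, CONTEXT_CHARS);
  return event;
}

// Constructed sample input.
const SAMPLE =
  "Mail jane.doe@example.com or call +41 44 123 45 67. " +
  "Hey guys, see https://example.com/u/42 today.";
const sampleStart = SAMPLE.indexOf("guys");
const sampleEvent = buildContextEvent(SAMPLE, sampleStart, sampleStart + 4);
console.log(sampleEvent);
```

Because the payload is built in the extension, the scrubbed `before` and `after` strings are what a user would see when inspecting the outgoing request.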

By also collecting which alternatives users accept, we can learn which alternative is the most appropriate one in which context. This lets us change the sort order of the alternatives and decide which alternatives should or should not be listed (we currently limit ourselves to a maximum of 5 alternatives for usability reasons).

All this data is collected anonymously. We only link this data with a randomly generated ID. Only if users actively state that they want to see their own statistics do we link this data to a user.

 

Improve the product quality

In rare cases of errors or exceptions, we capture a so-called “stack trace” to allow us to better understand what caused the exception in order to fix it. This “stack trace” never contains the user's email address or name, but links to the browser ID. It also contains parts of the submitted text. We remove the “stack trace” data as soon as the issue has been analyzed and fixed. Below is an example of what this may look like:

Screenshot of a stack trace

 

Data Analytics & Dissemination

On Witty's dashboard, users and teams can access their analytics (coming soon), such as how many terms were replaced in the last month or what the most commonly used inclusive terms were. These analytics help users and organizations gain insights into their biases and progress. It is important to note that the goal is not to expose individuals. The main goal of Witty is to help people write inclusively.

For this purpose, several steps are taken to protect the privacy of individuals when providing team analytics:

  1. We collect the data for each user with a randomly generated ID. By default, this ID is not linked to a user or an email address. Users will be able to choose to connect this random ID to their email account in order to get an aggregated view of all of their devices and to prevent losing analytics data because they uninstall the extension.

  2. Team analytics always provides an aggregated view and never individual user data.

  3. For small teams (fewer than 10 weekly active users), users must consent to be included in aggregated team analytics. For more than 10 weekly active users, companies can choose to require opt-in or not, and the setting will be displayed to all users.